diff --git a/.github/labeler.yml b/.github/labeler.yml index e9525d0e2d..411c79d577 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -16,51 +16,66 @@ # component/agent: - - 'inlong-agent/**/*' + - changed-files: + - any-glob-to-any-file: 'inlong-agent/**/*' component/dataproxy: - - 'inlong-dataproxy/**/*' + - changed-files: + - any-glob-to-any-file: 'inlong-dataproxy/**/*' component/manager: - - 'inlong-manager/**/*' + - changed-files: + - any-glob-to-any-file: 'inlong-manager/**/*' component/sort: - - 'inlong-sort/**/*' - - 'inlong-sort-standalone/**/*' + - changed-files: + - any-glob-to-any-file: + - 'inlong-sort/**/*' + - 'inlong-sort-standalone/**/*' component/tubemq: - - 'inlong-tubemq/**/*' + - changed-files: + - any-glob-to-any-file: 'inlong-tubemq/**/*' component/dashboard: - - 'inlong-dashboard/**/*' + - changed-files: + - any-glob-to-any-file: 'inlong-dashboard/**/*' component/audit: - - 'inlong-audit/**/*' + - changed-files: + - any-glob-to-any-file: 'inlong-audit/**/*' component/sdk: - - 'inlong-sdk/**/*' + - changed-files: + - any-glob-to-any-file: 'inlong-sdk/**/*' service/ci: - - '.github/actions/**/*' - - '.github/workflows/**/*' - - '.github/labeler.yml' - - '.github/PULL_REQUEST_TEMPLATE.md' - - '.github/ISSUE_TEMPLATE/**/*' + - changed-files: + - any-glob-to-any-file: + - '.github/actions/**/*' + - '.github/workflows/**/*' + - '.github/labeler.yml' + - '.github/PULL_REQUEST_TEMPLATE.md' + - '.github/ISSUE_TEMPLATE/**/*' service/docker: - - '**/Dockerfile' - - '**/*-docker.sh' - - 'inlong-agent/agent-docker/**/*' - - 'inlong-audit/audit-docker/**/*' - - 'inlong-dataproxy/dataproxy-docker/**/*' - - 'inlong-manager/manager-docker/**/*' - - 'inlong-tubemq/tubemq-docker/**/*' - - 'docker/docker-compose/**/*' - - 'docker/build-docker-images.sh' - - 'docker/publish-by-arch.sh' + - changed-files: + - any-glob-to-any-file: + - '**/Dockerfile' + - '**/*-docker.sh' + - 'inlong-agent/agent-docker/**/*' + - 'inlong-audit/audit-docker/**/*' + - 'inlong-dataproxy/dataproxy-docker/**/*' + - 'inlong-manager/manager-docker/**/*' + - 'inlong-tubemq/tubemq-docker/**/*' + - 'docker/docker-compose/**/*' + - 'docker/build-docker-images.sh' + - 'docker/publish-by-arch.sh' service/k8s: - - '.github/ct.yml' - - '.github/kind.yml' - - 'docker/kubernetes/**/*' - - 'inlong-tubemq/tubemq-docker/tubemq-k8s/**/*' \ No newline at end of file + - changed-files: + - any-glob-to-any-file: + - '.github/ct.yml' + - '.github/kind.yml' + - 'docker/kubernetes/**/*' + - 'inlong-tubemq/tubemq-docker/tubemq-k8s/**/*' \ No newline at end of file diff --git a/.github/workflows/ci_build.yml b/.github/workflows/ci_build.yml index ae6d3aefc4..3355389cf4 100644 --- a/.github/workflows/ci_build.yml +++ b/.github/workflows/ci_build.yml @@ -52,6 +52,9 @@ on: - 'inlong-tubemq/**' - '!**.md' +permissions: + contents: read + jobs: build: name: Build diff --git a/.github/workflows/ci_chart_test.yml b/.github/workflows/ci_chart_test.yml index a8ae336620..4e4a8b7881 100644 --- a/.github/workflows/ci_chart_test.yml +++ b/.github/workflows/ci_chart_test.yml @@ -40,6 +40,9 @@ env: CT_CONFIG_PATH: '.github/ct.yml' KIND_CONFIG_PATH: '.github/kind.yml' +permissions: + contents: read + jobs: chart-test: name: Lint and test charts @@ -57,12 +60,12 @@ jobs: submodules: true - name: Set up Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@v4 with: version: v3.5.0 - name: Set up Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: 3.7 diff --git a/.github/workflows/ci_check_format.yml b/.github/workflows/ci_check_format.yml index a0738d875e..d1766102eb 100644 --- a/.github/workflows/ci_check_format.yml +++ b/.github/workflows/ci_check_format.yml @@ -19,6 +19,9 @@ name: InLong Code Format Check on: [ push, pull_request ] +permissions: + contents: read + jobs: build: name: Code Format Check diff --git a/.github/workflows/ci_check_license.yml b/.github/workflows/ci_check_license.yml index 56b534a20a..d97687bbbd 100644 --- a/.github/workflows/ci_check_license.yml +++ b/.github/workflows/ci_check_license.yml @@ -19,6 +19,9 @@ name: InLong Check License Header on: [ push, pull_request ] +permissions: + contents: read + jobs: check-license: name: Check license header @@ -28,7 +31,7 @@ jobs: uses: actions/checkout@v4 - name: Check license header - uses: apache/skywalking-eyes@v0.3.0 + uses: apache/skywalking-eyes@v0.6.0 with: log: info config: .licenserc.yaml diff --git a/.github/workflows/ci_check_pr_title.yml b/.github/workflows/ci_check_pr_title.yml index eac1719165..77e340f2fd 100644 --- a/.github/workflows/ci_check_pr_title.yml +++ b/.github/workflows/ci_check_pr_title.yml @@ -25,6 +25,9 @@ on: - edited - synchronize +permissions: + contents: read + jobs: check: name: Check pull request title diff --git a/.github/workflows/ci_docker.yml b/.github/workflows/ci_docker.yml index 3ed84f2e36..eb184df32f 100644 --- a/.github/workflows/ci_docker.yml +++ b/.github/workflows/ci_docker.yml @@ -46,6 +46,9 @@ on: - 'inlong-tubemq/tubemq-docker/**' - '!**.md' +permissions: + contents: read + jobs: docker: name: Docker build and push @@ -90,16 +93,16 @@ jobs: distribution: adopt - name: Set up Python - uses: actions/setup-python@v3 + uses: actions/setup-python@v5 with: python-version: 3.7 - name: Set up QEMU dependency - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Cache Maven packages uses: actions/cache@v4 diff --git a/.github/workflows/ci_greeting.yml b/.github/workflows/ci_greeting.yml index 554273e652..e2219d3f56 100644 --- a/.github/workflows/ci_greeting.yml +++ b/.github/workflows/ci_greeting.yml @@ -18,31 +18,29 @@ name: InLong Greeting on: - pull_request: + pull_request_target: types: - opened issues: types: - opened +permissions: + issues: write + pull-requests: write + jobs: greeting: - name: Greeting + name: Greet First-Time Contributors runs-on: ubuntu-22.04 - permissions: - issues: write - pull-requests: write steps: - - name: Interact with newcomers - uses: actions/first-interaction@v1 - continue-on-error: true + - uses: actions/first-interaction@v3 with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - pr-message: | - Hello @${{ github.actor }}, thank you for submitting a PR to InLong ๐Ÿ’– We will respond as soon as possible โณ - This seems to be your first PR ๐ŸŒ  Please be sure to follow our [Contribution Guidelines](https://inlong.apache.org/community/how-to-contribute). - If you have any questions in the meantime, you can also ask us on the [InLong Discussions](https://github.com/apache/inlong/discussions) ๐Ÿ” issue-message: | Hello @${{ github.actor }}, thank you for opening your first issue in InLong ๐Ÿงก We will respond as soon as possible โณ If this is a bug report, please provide screenshots or error logs for us to reproduce your issue, so we can do our best to fix it. If you have any questions in the meantime, you can also ask us on the [InLong Discussions](https://github.com/apache/inlong/discussions) ๐Ÿ” + pr-message: | + Hello @${{ github.actor }}, thank you for submitting a PR to InLong ๐Ÿ’– We will respond as soon as possible โณ + This seems to be your first PR ๐ŸŒ  Please be sure to follow our [Contribution Guidelines](https://inlong.apache.org/community/how-to-contribute). + If you have any questions in the meantime, you can also ask us on the [InLong Discussions](https://github.com/apache/inlong/discussions) ๐Ÿ” diff --git a/.github/workflows/ci_labeler.yml b/.github/workflows/ci_labeler.yml index 76075d8bb1..53ccee294b 100644 --- a/.github/workflows/ci_labeler.yml +++ b/.github/workflows/ci_labeler.yml @@ -17,19 +17,25 @@ name: InLong Pull Request Labeler -on: pull_request +on: + pull_request_target: + types: + - opened + - synchronize + - reopened + +permissions: + contents: read + pull-requests: write jobs: label: name: Label runs-on: ubuntu-22.04 - permissions: - contents: read - pull-requests: write steps: - name: Label the PR - uses: actions/labeler@v4 + uses: actions/labeler@v5 with: repo-token: ${{ secrets.GITHUB_TOKEN }} configuration-path: .github/labeler.yml - sync-labels: true + sync-labels: true \ No newline at end of file diff --git a/.github/workflows/ci_stale.yml b/.github/workflows/ci_stale.yml index 916e04c27d..291dc5d3d6 100644 --- a/.github/workflows/ci_stale.yml +++ b/.github/workflows/ci_stale.yml @@ -30,7 +30,7 @@ jobs: pull-requests: write steps: - name: Mark issues and PRs - uses: actions/stale@v5 + uses: actions/stale@v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue is stale because it has been open for 60 days with no activity.' diff --git a/.github/workflows/ci_ut.yml b/.github/workflows/ci_ut.yml index fcc4cdb665..0ddf04663d 100644 --- a/.github/workflows/ci_ut.yml +++ b/.github/workflows/ci_ut.yml @@ -52,6 +52,9 @@ on: - 'inlong-tubemq/**' - '!**.md' +permissions: + contents: read + jobs: unit-test: name: Unit Test diff --git a/.github/workflows/ci_ut_flink13.yml b/.github/workflows/ci_ut_flink13.yml index 9084e34a3a..d1976642e6 100644 --- a/.github/workflows/ci_ut_flink13.yml +++ b/.github/workflows/ci_ut_flink13.yml @@ -31,6 +31,9 @@ on: - 'inlong-sort/**' - '!**.md' +permissions: + contents: read + jobs: unit-test: name: Unit Test diff --git a/.github/workflows/ci_ut_flink15.yml b/.github/workflows/ci_ut_flink15.yml index 53b88957e0..eb7b32dab0 100644 --- a/.github/workflows/ci_ut_flink15.yml +++ b/.github/workflows/ci_ut_flink15.yml @@ -31,6 +31,9 @@ on: - 'inlong-sort/**' - '!**.md' +permissions: + contents: read + jobs: unit-test: name: Unit Test diff --git a/.github/workflows/ci_ut_flink18.yml b/.github/workflows/ci_ut_flink18.yml index d86ea53bfc..9d45c02adf 100644 --- a/.github/workflows/ci_ut_flink18.yml +++ b/.github/workflows/ci_ut_flink18.yml @@ -31,6 +31,9 @@ on: - 'inlong-sort/**' - '!**.md' +permissions: + contents: read + jobs: unit-test: name: Unit Test